
Labeling variables

Once we sanitize our data, we need to keep track of it. And more importantly, before we've sanitized it, we want it clearly labeled as being potentially dangerous. We can use variable names as labels to help us to keep track. The idea is to simply use variable names in order to identify the condition of the data. The variable name will include a term like dirty, raw, tainted, or unsafe for anything that has not yet been sanitized. And after we sanitize it, we'll give it a new variable name, which might include clean, filtered, sanitized, or safe.

I'm sure you can think of others as well. Let me show you an example. I'll do this one using PHP. Let's say that we're getting in something from a form that's an email address, so it comes in as a POST request. When we assign that to an internal variable, we can assign it to something called raw_email. The fact that it has raw in front of it lets us know that it has not yet been sanitized. After we sanitize it, then we can assign it to a new variable name called safe_email, and that'll…
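The raw_/safe_ labeling described in the transcript, as an added PHP example that is not code from the course. The `sanitize_email` helper and the sample submissions are assumptions made for illustration; the example also covers the case where a raw value never earns a safe_ name.

```php
<?php
// Hypothetical helper (not from the course): returns the validated address,
// or null when the raw value is missing, not a string, or malformed.
function sanitize_email($raw_email): ?string
{
    if (!is_string($raw_email)) {
        return null; // e.g. a field submitted as email[]=x arrives as an array
    }
    $checked = filter_var(trim($raw_email), FILTER_VALIDATE_EMAIL);
    return $checked === false ? null : $checked;
}

// Constructed sample submissions standing in for $_POST.
$sample_posts = [
    ['email' => ' alice@example.com '],
    ['email' => 'alice@example.com<b>'],
    ['email' => ['not', 'a', 'string']],
    [],
];

foreach ($sample_posts as $post) {
    // Straight from the request: the name carries the raw_ label.
    $raw_email = $post['email'] ?? null;

    // Only the sanitizer's return value is given the safe_ label.
    $safe_email = sanitize_email($raw_email);

    if ($safe_email === null) {
        // No safe_ value exists, so nothing downstream can use this input.
        echo "rejected\n";
        continue;
    }

    // From here on only $safe_email is used; $raw_email is never passed
    // to storage, mail functions, or output.
    echo "accepted: {$safe_email}\n";
}
```

A code review can then flag any line where a `raw_` variable is used anywhere other than as an argument to a sanitizing function.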


Released: 2/19/2014

Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm. Instructor Kevin Skoglund explains what motivates hackers and their most common methods of attack, and then details the techniques and mindset needed to craft solutions for these web security challenges. Learn the eight fundamental principles that underlie all security efforts, the importance of filtering input and controlling output, and smart strategies for encryption and user authentication. Kevin also covers special considerations when it comes to credit cards, regular expressions, source code managers, and databases.

This course is great for developers who want to secure their clients' websites, and for anyone else who wants to learn more about web security.